Technology sector  is most impersonated industry with highest number of phishing attempts, reinforcing the need for strong cyber security measures

Check Point Research (CPR), the Threat Intelligence arm of Check Point® Software Technologies Ltd. (NASDAQ: CHKP) and  a pioneer and global leader of cyber security solutions, has released its latest Brand Phishing Ranking for Q4 2024. This report highlights the brands most frequently imitated by cybercriminals in their efforts to steal personal information and payment credentials, underscoring the ongoing threats posed by phishing attacks in an increasingly digital world.

In the fourth quarter, Microsoft retained its position as the most imitated brand, accounting for 32% of all brand phishing attempts. Apple held on to the second position with 12%, while Google maintained its third-place ranking. LinkedIn reentered the list at fourth place, after a brief absence. The Technology sector emerged as the most impersonated industry, followed by Social Networks and the Retail sector.

Omer Dembinsky, Data Group Manager at Check Point Software, commented, "The persistence of phishing attacks leveraging well-known brands underscores the importance of user education and advanced security measures. Verifying email sources, avoiding unfamiliar links, and enabling multi-factor authentication (MFA) are crucial steps in protecting personal and financial data from these ever-evolving threats."

Top Phishing Brands

Below are the top 10 brands ranked by their overall appearance in brand phishing events during Q42024:

Microsoft - 32%

Apple - 12%

Google - 12%

LinkedIn - 11%

Alibaba - 4%

WhatsApp - 2%

Amazon - 2%

Twitter - 2%

Facebook - 2%

Adobe - 1%

Clothing Brands Phishing campaigns

During the holiday season, several phishing campaigns targeted shoppers by imitating the websites of well-known clothing brands. For example, domains like nike-blazers[.]fr, nike-blazer[.]fr, and nike-air-max[.]fr were designed to deceive users into believing they were official Nike platforms. These fraudulent sites replicate the brand's logo and offer unrealistically low prices to lure victims. Their goal is to trick users into sharing sensitive information, such as login credentials and personal details, enabling hackers to steal their data effectively.

Additional examples included:

    Adidas – adidasyeezy[.]co[.]no, adidassamba[.]com[.]mx, adidasyeezy[.]ro and adidas-predator[.]fr

    LuluLemon – lululemons[.]ro

    Hugo Boss – www[.]hugoboss-turkiye[.]com[.]tr, hugobosssrbija[.]net and www[.]hugoboss-colombia[.]com[.]co

    Guess – www[.]guess-india[.]in

    Ralph Lauren – www[.]ralphlaurenmexico[.]com[.]mx

 

PayPal login page – Credentials theft example

We recently identified a malicious phishing webpage operating under the domain wallet-paypal[.]com, crafted to impersonate the PayPal brand. This fake site mimics PayPal's login page, including the official logo, to deceive users. By creating a false sense of legitimacy, it lures victims into logging in or registering, ultimately stealing their personal and financial information.

Facebook Impersonation

In the last quarter in 2024, we identified a fraudulent website (svfacebook[.]click) designed to mimic the Facebook login page. The site prompted victims to enter personal information, such as their email and password. Although the domain is no longer resolving to an active webpage, it was recently created and had previously hosted multiple subdomains impersonating Facebook's login page.

With the consistent rise in phishing attempts targeting globally recognized brands, users must stay vigilant and proactive in adopting security best practices. Installing updated security software, recognizing red flags in unsolicited communications, and avoiding interactions with suspicious websites can significantly reduce the risk of falling victim to phishing schemes.

Follow Check Point via:  

LinkedIn: https://www.linkedin.com/company/check-point-software-technologies

X: https://www.twitter.com/checkpointsw

Facebook: https://www.facebook.com/checkpointsoftware

Blog: https://blog.checkpoint.com

YouTube: https://www.youtube.com/user/CPGlobal

   About Check Point Research  

Check Point Research provides leading cyber threat intelligence to Check Point Software customers and the greater intelligence community. The research team collects and analyzes global cyber-attack data stored on ThreatCloud to keep hackers at bay, while ensuring all Check Point products are updated with the latest protections. The research team consists of over 100 analysts and researchers cooperating with other security vendors, law enforcement and various CERTs.

About Check Point Software Technologies Ltd.  

Check Point Software Technologies Ltd. (www.checkpoint.com) is a leading AI-powered, cloud-delivered cyber security platform provider protecting over 100,000 organizations worldwide. Check Point leverages the power of AI everywhere to enhance cyber security efficiency and accuracy through its Infinity Platform, with industry-leading catch rates enabling proactive threat anticipation and smarter, faster response times. The comprehensive platform includes cloud-delivered technologies consisting of Check Point Harmony to secure the workspace, Check Point CloudGuard to secure the cloud, Check Point Quantum to secure the network, and Check Point Infinity Core Services for collaborative security operations and services.

Legal Notice Regarding Forward-Looking Statements  

This press release contains forward-looking statements. Forward-looking statements generally relate to future events or our future financial or operating performance. Forward-looking statements in this press release include, but are not limited to, statements related to our expectations regarding future growth, the expansion of Check Point's industry leadership, the enhancement of shareholder value and the delivery of an industry-leading cyber security platform to customers worldwide. Our expectations and beliefs regarding these matters may not materialize, and actual results or events in the future are subject to risks and uncertainties that could cause actual results or events to differ materially from those projected. The forward-looking statements contained in this press release are also subject to other risks and uncertainties, including those more fully described in our filings with the Securities and Exchange Commission, including our Annual Report on Form 20-F filed with the Securities and Exchange Commission on April 2, 2024. The forward-looking statements in this press release are based on information available to Check Point as of the date hereof, and Check Point disclaims any obligation to update any forward-looking statements, except as required by law.